DeepAI AI Chat
Log In Sign Up

GRAVITAS: Graphical Reticulated Attack Vectors for Internet-of-Things Aggregate Security

by   Jacob Brown, et al.

Internet-of-Things (IoT) and cyber-physical systems (CPSs) may consist of thousands of devices connected in a complex network topology. The diversity and complexity of these components present an enormous attack surface, allowing an adversary to exploit security vulnerabilities of different devices to execute a potent attack. Though significant efforts have been made to improve the security of individual devices in these systems, little attention has been paid to security at the aggregate level. In this article, we describe a comprehensive risk management system, called GRAVITAS, for IoT/CPS that can identify undiscovered attack vectors and optimize the placement of defenses within the system for optimal performance and cost. While existing risk management systems consider only known attacks, our model employs a machine learning approach to extrapolate undiscovered exploits, enabling us to identify attacks overlooked by manual penetration testing (pen-testing). The model is flexible enough to analyze practically any IoT/CPS and provide the system administrator with a concrete list of suggested defenses that can reduce system vulnerability at optimal cost. GRAVITAS can be employed by governments, companies, and system administrators to design secure IoT/CPS at scale, providing a quantitative measure of security and efficiency in a world where IoT/CPS devices will soon be ubiquitous.


RFID Exploitation and Countermeasures

Radio Frequency Identification (RFID) systems are among the most widespr...

You Overtrust Your Printer

Printers are common devices whose networked use is vastly unsecured, per...

Interdependent Strategic Security Risk Management with Bounded Rationality in the Internet of Things

With the increasing connectivity enabled by the Internet of Things (IoT)...

Evaluation of Attack Vectors and Risks in Automobiles and Road Infrastructure

The evolution of smart automobiles and vehicles within the Internet of T...

Model-based Cybersecurity Analysis: Past Work and Future Directions

Model-based evaluation in cybersecurity has a long history. Attack Graph...